Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together

•Download as PPTX, PDF•

4 likes•1,701 views

This presentation explains how security teams can leverage hunting and analytics to detect advanced threats faster, more reliably, and with common analyst skill sets. Watch the presentation with audio here: http://info.sqrrl.com/threat-hunting-and-ueba-webinar

Software

Threat Hunting and
UEBA:
Similarities, Differences, and How
They Work Together
• Speakers:
• Greg Schaffer, FirstBank CISO
• Luis Maldonado. Sqrrl VP of Products
Sponsor:

© 2017 Security Current
Speakers
Greg Schaffer
First Bank CISO
Luis Maldonado
Sqrrl VP of Products

© 2017 Security Current
Peer-authored Research
Authored by Chief Information Security Officers, CISOs Investigate is an
ongoing series that offers first-hand insights to security leaders as they
make business-driven technology decisions.
About CISOs Investigate

© 2017 Security Current
CISO-authored Research
About CISOs Investigate

© 2017 Security Current
Unpacking theReport

© 2017 Security Current
"A risk-based approach is highly recommended in order
to gain some quick wins. Generally, this starts by
looking at privileged access to various applications."
- James Beeson, Chief Information Security Officer and IT Risk Leader,GE
Capital Americas
A CISO Looks at the History of UBA

© 2017 Security Current
• Incorporating user behavior beyond
simple login
• Behavioral analytics connects the
past (baseline), the present (event)
and future (pre-direction)
Technology Overview – Core Features

© 2017 Security Current
• Control Aspects
• Risk AssessmentTool
• Baseline
• Compliance
• Staffing
• Use Cases
• Challenges
Key Considerations

© 2017 Security Current
• Effective Across
Industries
• AWin-Win for CISOs
• A Natural Fit for Risk-
based Security
Takeaways

© 2017 Security Current
•Company Overview
•Business Use Cases
•Technology
•Business Goals
•Recommendations and Advice
Case Study – Oppenheimer & Co – Henry Jiang,CISO

© 2017 Sqrrl Data, Inc. All rights reserved. 12
Analytics Perspective
UBA
UEBA
Behavioral Analytics

© 2017 Sqrrl Data, Inc. All rights reserved. 13
HuntingTools
Visualization
Analytics
Data
Aggregation
Collaboration

© 2017 Sqrrl Data, Inc. All rights reserved. 14
Hunting
Proactive Iterative
Human-driven Analytical

© 2017 Sqrrl Data, Inc. All rights reserved. 15
Challenges Driving Hunting Investment

© 2017 Sqrrl Data, Inc. All rights reserved. 16
TheValue of Hunting

© 2017 Sqrrl Data, Inc. All rights reserved. 17
Threat Hunting Maturity Model

© 2017 Sqrrl Data, Inc. All rights reserved. 18
SOC Detection Processes (“Loops”)
Detection
Improvements
Observe
Alert
Validate
Hunting
Plan
Test
Content Development Automated Detection
Rules &
Analytics
Discover
Hypothesize
CompareImplementReviseInvestigateEnrich

© 2017 Sqrrl Data, Inc. All rights reserved. 19
Threat Hunting Loop

© 2017 Sqrrl Data, Inc. All rights reserved. 20
Analytics in the Hunting Loop
Analytics
help
provide a
starting
point for
hunts

© 2017 Sqrrl Data, Inc. All rights reserved. 21
Analytics in the Hunting Loop
Investigatio
n aided by
analytic
techniques

© 2017 Sqrrl Data, Inc. All rights reserved. 22
Analytics in the Hunting Loop
Identify
behavioral
patterns

© 2017 Sqrrl Data, Inc. All rights reserved. 23
Analytics in the Hunting Loop
Analytics
are
created
from the
results of
the hunt

© 2017 Sqrrl Data, Inc. All rights reserved. 24
Sqrrl’s Approach to Behavioral Analytics
Detection of kill chain-oriented
Tactics,Techniques, and Procedures of adversaries
rather than only general anomalies

© 2017 Sqrrl Data, Inc. All rights reserved. 25
Uniting UEBA and Hunting

© 2017 Sqrrl Data, Inc. All rights reserved. 26
SqrrlThreat Hunting Platform

© 2017 Sqrrl Data, Inc. All rights reserved. 27
info.sqrrl.com/download-uba-guide
User & Entity Behavior Analytics
What's included in this
Real-world insights from CISOs who already deployed tools
Case studies to highlight importance of UBA technology
A RFI template developed by the CISOs
CISO-authored UBA Buyer's Guide

© 2017 Sqrrl Data, Inc. All rights reserved. 28
info.sqrrl.com/download-ueba-ebook
User & Entity Behavior Analytics
What's included in this
What you need to know about advanced behavioral analytics
How it can automate and revolutionize threat hunting
How to use it for streamlined threat detection practices
The Heart of Next-Generation Threat Hunting

What's hot

Cyber Threat Intelligence

ZaiffiEhsan

View webinar: "Cyber Threat Hunting: Identify and Hunt Down Intruders": https://www2.infosecinstitute.com/l/12882/2018-11-29/b9gwfd View companion webinar: "Red Team Operations: Attack and Think Like a Criminal": https://www2.infosecinstitute.com/l/12882/2018-11-29/b9gw5q Are you red team, blue team — or both? Get an inside look at the offensive and defensive sides of information security in our webinar series. Senior Security Researcher and InfoSec Instructor Jeremy Martin discusses what it takes to be modern-day threat hunter during our webinar, Cyber Threat Hunting: Identify and Hunt Down Intruders. The webinar covers: - The job duties of a Cyber Threat Hunting professional - Frameworks and strategies for Cyber Threat Hunting - How to get started and progress your defensive security career - And questions from live viewers! Learn about InfoSec Institute's Cyber Threat Hunting couse here: https://www.infosecinstitute.com/courses/cyber-threat-hunting/

Cyber Threat Hunting: Identify and Hunt Down Intruders

Infosec

Recently, NTT published the Global Threat Intelligence Report 2016 (GTIR). This year’s report focused both on the changes in threat trends and on how security organizations around the world can use the kill chain to help defend the enterprise. Turning threat intelligence data from multiple sources into actionable, contextual information is a challenge faced by many organizations today. The Global Threat Intelligence Platform provides increased efficiency, reduces risks and focuses on global coverage with accurate and up-to-date threat intelligence. This presentation was given at Carnegie Mellon University by Kenji Takahashi, VP of Product Management, Security at NTT Innovation Institute.

Global Cyber Threat Intelligence

NTT Innovation Institute Inc.

Security Information and Event Managemen

S Periyakaruppan CISM,ISO31000,C-EH,ITILF

Cyber Threat hunting workshop

Arpan Raval

Cyber Threat Hunting with Phirelight

Hostway|HOSTING

In order to effectively defend your organization, you must think about the offensive strategy as well. But before we get ahead of ourselves let’s talk briefly about the building blocks of a good offense. First is an architecture that is built around a security policy that is aligned with the business risk. Risk must be understood and a cookie cutter approach must be avoided here because again every organization is different and so are their risks.

Threat Hunting - Moving from the ad hoc to the formal

Priyanka Aash

Threat hunting - Every day is hunting season

Ben Boyd

This presentation showcased live during the DNIF KONNECT meetup on 19th December 2019. We have our presenter: Ruchir Shah- Account Manager at DNIF, walk us through the importance of SOAR Some key points discussed during the meetup: -Understand, what is SOAR. -The problems a SOAR solution solves. -Real-time demo by DNIF expert on SOAR. Watch the full presentation here: https://www.youtube.com/watch?v=bCp-WAs6w5I

Insight into SOAR

DNIF

From SANS Cyber Threat Intelligence Summit 2016. What are the characteristics of a mature cyber threat intelligence program, and how do you develop meaningful metrics? Traditionally, intelligence has been about providing decision support to executives whilst the field of cyber threat intelligence supports this customer, and network defenders, who have different requirements. By using the intelligence cycle, this talk will seek to help attendees understand how they can identify what a mature intelligence program looks like and the steps to take their program to the next level.

Cyber threat intelligence: maturity and metrics

Mark Arena

Ever wonder what threat hunting is all about? Join Infosec Principal Security Researcher Keatron Evans as he breaks down the basics of what it’s like to have a career hunting down potential cyber threats. Join us on for an inside look at a day in the life of a threat hunter, including: Why threat hunters are more critical today than ever before Knowledge and skills needed to drive threat hunting success Live demos of essential threat hunting skills and tools used to detect and mitigate adversarial behavior One lucky attendee will win a free year of Infosec Skills. Complete the form to save your seat! P.S. Want to go even deeper into threat hunting? Don’t miss our advanced threat hunting session on June 28, Join the hunt: Threat hunting for proactive cyber defense.

Threat hunting foundations: People, process and technology.pptx

Infosec

Security Information and Event Management

UTD Computer Security Group

Splunk Phantom SOAR Roundtable

Splunk

Threat Hunting Procedures and Measurement Matrice

Vishal Kumar

Threat Hunting with Cyber Kill Chain

Suwitcha Musijaral CISSP,CISA,GWAPT,SNORTCP

SIEM Primer:

Anton Chuvakin

Presented at BSides Perth 2019 Synopsis: Although the practice of collecting and using intelligence has been studied and conducted by governments and the military for centuries, it’s relative application to Cyber Security has only recently been highlighted. This area of infosec has been termed Cyber Threat Intelligence, where the marriage of traditional intelligence techniques and analysis with deep technical understanding within the Cyber domain are used to predict future actions by threats through long term analysis and modelling. This approach is then used to support both proactive and reactive cyber security actions, from incident response to penetration testing. This presentation focuses on threat intelligence from a practical data perspective, moving away from just the commercial concept of threat intelligence feeds (although these form one part of the equation). This presentation will approach threat intelligence from an analysts perspective of what questions needs to be answered to effectively investigate an incident, using the Diamond Model and Cyber Kill Chain as framing devices. These questions will then lead to examples of the data that can be used to answer these questions. Although traditionally data collection has focused on external cyber information, more often than not however, it’s actions outside of those seen within an organisations network, or even outside cyberspace that can provide context to the actions a threat takes. Finally, we provide a number of use cases on which the results of threat intelligence processes can be applied within a Security Operations Centre, including Incident Response as well as traditional Penetration Testing and Red Teaming.

Cyber Threat Intelligence - It's not just about the feeds

Iain Dickson

PHDays 2018 Threat Hunting Hands-On Lab

Teymur Kheirkhabarov

Threat hunting 101 by Sandeep Singh

OWASP Delhi

PaloAlto Enterprise Security Solution

Prime Infoserv

What's hot (20)

Cyber Threat Intelligence

Cyber Threat Hunting: Identify and Hunt Down Intruders

Global Cyber Threat Intelligence

Security Information and Event Managemen

Cyber Threat hunting workshop

Cyber Threat Hunting with Phirelight

Threat Hunting - Moving from the ad hoc to the formal

Threat hunting - Every day is hunting season

Insight into SOAR

Cyber threat intelligence: maturity and metrics

Threat hunting foundations: People, process and technology.pptx

Security Information and Event Management

Splunk Phantom SOAR Roundtable

Threat Hunting Procedures and Measurement Matrice

Threat Hunting with Cyber Kill Chain

SIEM Primer:

Cyber Threat Intelligence - It's not just about the feeds

PHDays 2018 Threat Hunting Hands-On Lab

Threat hunting 101 by Sandeep Singh

PaloAlto Enterprise Security Solution

Similar to Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together

Today's threats demand a more active role in detecting and isolating sophisticated attacks. This must-see presentation provides practical guidance on modernizing your SOC and building out an effective threat hunting program. Ed Amoroso and David Bianco discuss best practices for developing and staffing a modern SOC, including the essential shifts in how to think about threat detection. Watch the presentation with audio here: http://info.sqrrl.com/webinar-modernizing-your-security-operations

Modernizing Your SOC: A CISO-led Training

Sqrrl

Over 74% of global enterprise security professionals rate improving security monitoring as a top priority. Monitoring must be done efficiently within a security operations center (SOC) to combat increased threats and a limited supply of trained security analysts. While the vendor landscape for security solutions is rapidly evolving, many early point solutions and first generation SIEMs are not keeping pace with the changing needs of security operations. A new class of platforms has emerged that combine advanced analytics and flexible deployment options. Join this exclusive webinar featuring Forrester Research to learn: Characteristics of modern security platforms that have evolved from point solutions and basic SIEMs Criteria to consider when evaluating vendors and solutions The advantages of an integrated security platform that incorporates cognitive capabilities and augmented intelligence

How to Improve Threat Detection & Simplify Security Operations

IBM Security

The Verizon 2017 Data Breach Investigations Report findings relate specifically to the occurrence (likelihood) of security breaches leading to data compromise. The information, provided in aggregate, is filtered in many ways to make it relevant to you (e.g., by industry, actor motive). It is a piece of the information security puzzle—an awesome corner piece that can get you started—but just a piece nonetheless. This session will discuss the new targets that are identified and some solutions

Learning from Verizon 2017 Data Breach Investigations Report – The New Targets

Ulf Mattsson

CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...

Cohesive Networks

Analyst Resources for Chief Information Security Officers (CISOs)

Synopsys Software Integrity Group

How to Operationalize Big Data Security Analytics

Interset

How to Operationalize Big Data Security Analytics

Interset

Effective Security Operation Center - present by Reza Adineh

ReZa AdineH

Netwatcher Credit Union Tech Talk

NetWatcher

Mobile apps fall in scope for a number of regulatory requirements that govern the banking and financial services industries, such as: guidelines from the Federal Financial Institutions Examination Council (FFIEC), the Gramm–Leach–Bliley Act (GLBA), New York State cybersecurity requirements for financial services companies, the Payment Card Industry Data Security Standard (PCI DSS), the Sarbanes-Oxley Act, and more. Luckily, a repeatable mobile app security assessment program and standardized reporting go a long way in both achieving compliance objectives and securing mobile apps and data. Originally presented on August 22, 2017, NowSecure Security Solutions Engineer Brian Lawrence explains: -- How and where exactly mobile apps fall in scope for various compliance regimes -- Mobile app security issues financial institutions must identify and fix for compliance purposes -- How assessment reports can be used to demonstrate due diligence

Solving for Compliance: Mobile app security for banking and financial services

NowSecure

Cisco Connect 2018 Singapore - delivering intent for data center networking

NetworkCollaborators

Machine Learning + AI for Accelerated Threat-Hunting

Interset

Cyber security and demonstration of security tools

Vicky Fernandes

Data Science for Cyber Risk

Scott Allen Mongeau

A New Approach to Threat Detection: Big Data Security Analytics

Interset

Emerging Trends in Application Security

Synopsys Software Integrity Group

With cyber attacks on the rise, securing your data is more imperative than ever. In future, organizations will face severe penalties if their data isn’t robustly secured. This will have a far reaching impact for how businesses deal with security in terms of managing their cyber risk. Join this presentation to learn the cyber security controls prescribed by regulation, how this impacts compliance, and how cyber risk management helps CISOs understand the degree these controls are in place and where to prioritize their cyber dollars and ensure they are not at risk for fines. Viewers will learn: - The latest cybercrime trends and targets - Trends in board involvement in cybersecurity - How to effectively manage the full range of enterprise risks - How to protect against ransomware - Visibility into third party risk - Data security metrics

Cyber Risk Management in 2017 - Challenges & Recommendations

Ulf Mattsson

Malaysia has a National Cyber Security Policy (NCSP) that consists of 8 thrusts – 1) Effective Governance, 2) Legislative and Regulatory Framework, 3) Cyber Security Technology Framework, 4) Culture of Security and Capacity Building, 5) Research and Development Towards Self Reliance, 6) Compliance and Enforcement, 7) Cyber Security Emergency Readiness, 8) International Cooperation, and CyberSecurity Malaysia (CSM) has played a role in every each of the thrusts; for example Thrust 7 through our CyberDEF, program. CSM is also the anchor of our national cyber drill headed by the National Security Council (NSC) intended to ensure the effectiveness of all the thrusts and Cyber-l3 System - Intelligence, Incidence, and Investigation Based Big Data Technology, is to further strengthen the operationalization of the NCSP as a whole. It is the aimed of this presentation to share on the project governance, technical issues, and solutions including its progress till to date. Some of the topics that will be covered are Cyber-I3 objectives, incidents in Malaysia, its framework (matrix/system), collaborators, research & development and big data forensics based on honeynet deployment and feeds. Included is the way forward as to ensure this system is successful in order to build and create a secure and resilient cyberspace for Malaysia.

Cyber-I3 System - Intelligence, Incidence, and Investigation-based Big Data T...

DataWorks Summit

https://www.brighttalk.com/webcast/14723/234829?utm_source=Compliance+Engineering&utm_medium=brighttalk&utm_campaign=234829 : With cyber attacks on the rise, securing your data is more imperative than ever. In future, organizations will face severe penalties if their data isn’t robustly secured. This will have a far reaching impact for how businesses deal with security in terms of managing their cyber risk. Join this presentation to learn the cyber security controls prescribed by regulation, how this impacts compliance, and how cyber risk management helps CISOs understand the degree these controls are in place and where to prioritize their cyber dollars and ensure they are not at risk for fines. Viewers will learn: - The latest cybercrime trends and targets - Trends in board involvement in cybersecurity - How to effectively manage the full range of enterprise risks - How to protect against ransomware - Visibility into third party risk - Data security metrics

Cyber Risk Management in 2017: Challenges & Recommendations

Ulf Mattsson

Traditional security operations centres (SOCs) often focus too narrowly on alert triage or on meeting simplistic checkbox compliance requirements. This approach can leave the organisation with critical cybersecurity blind spots, and lead to other common problems including low SOC productivity, high analyst turnover, and increased operational costs. Ultimately, this traditional approach to running a SOC can cause the security team to fail to achieve its mission of detecting, responding to, and mitigating true threats in the environment. This session will cover how to build a modern analytics-driven security operations capability for your organisation. The analytics-driven SOC leverages technology innovations to serve human analysts by fusing advanced analytics, threat intelligence, automated response/orchestration, threat hunting, deep investigation, and incident response. This approach helps the security team to consistently deliver fast, effective threat detection and response.

SplunkLive! London 2017 - Building an Analytics Driven Security Operation Cen...

Splunk

Similar to Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together (20)

Modernizing Your SOC: A CISO-led Training

How to Improve Threat Detection & Simplify Security Operations

Learning from Verizon 2017 Data Breach Investigations Report – The New Targets

CircleCity Con 2017 - Dwight Koop's talk Cybersecurity for real life: Using t...

Analyst Resources for Chief Information Security Officers (CISOs)

How to Operationalize Big Data Security Analytics

Effective Security Operation Center - present by Reza Adineh

Netwatcher Credit Union Tech Talk

Solving for Compliance: Mobile app security for banking and financial services

Cisco Connect 2018 Singapore - delivering intent for data center networking

Machine Learning + AI for Accelerated Threat-Hunting

Cyber security and demonstration of security tools

Data Science for Cyber Risk

A New Approach to Threat Detection: Big Data Security Analytics

Emerging Trends in Application Security

Cyber Risk Management in 2017 - Challenges & Recommendations

Cyber-I3 System - Intelligence, Incidence, and Investigation-based Big Data T...

Cyber Risk Management in 2017: Challenges & Recommendations

SplunkLive! London 2017 - Building an Analytics Driven Security Operation Cen...

More from Sqrrl

Transitioning Government Technology

Sqrrl

Leveraging Threat Intelligence to Guide Your Hunts

Sqrrl

Once inside your network, most cyber-attacks go sideways. They progressively move deeper into the network, laterally compromising other systems as they search for key assets and data. Would you spot this lateral movement on your enterprise network? In this training session, we review the various techniques attackers use to spread through a network, which data sets you can use to reliably find them, and how data science techniques can be used to help automate the detection of lateral movement.

How to Hunt for Lateral Movement on Your Network

Sqrrl

Machine Learning for Incident Detection: Getting Started

Sqrrl

So, you need to build a Security Operations Center (SOC)? What does that mean? What does the modern SOC need to do? Learn from Dr. Terry Brugger, who has been doing information security work for over 15 years, including building out a SOC for a large Federal agency and consulting for numerous large enterprises on their security operations. Watch the presentation with audio here: http://info.sqrrl.com/sqrrl-october-webinar-next-generation-soc

Building a Next-Generation Security Operations Center (SOC)

Sqrrl

Traditional security measures like firewalls, IDS, endpoint protection, and SIEMs are only part of the network security puzzle. Threat hunting is a proactive approach to uncovering threats that lie hidden in your network or system, that can evade more traditional security tools. Go in-depth with Sqrrl and SANS Institute to learn how hunting platforms work. Watch the recording with audio here: http://info.sqrrl.com/sans-sqrrl-threat-hunting-webcast

Threat Hunting Platforms (Collaboration with SANS Institute)

Sqrrl

Threat Hunting for Command and Control Activity

Sqrrl

In this training session, two leading security experts review how adversaries use DNS to achieve their mission, how to use DNS data as a starting point for launching an investigation, the data science behind automated detection of DNS-based malicious techniques and how DNS tunneling and DGA machine learning algorithms work. Watch the presentation with audio here: http://info.sqrrl.com/leveraging-dns-for-proactive-investigations

Leveraging DNS to Surface Attacker Activity

Sqrrl

If you follow the trade press, one theme you hear over and over again is that organizations are drowning in alerts. It’s true that we need technological solutions to prioritize and escalate the most important alerts to our analysts, but the humans have a critical part to play in this process as well. The quicker they are able to make decisions about the alerts they review, the better they are able to keep up. An incident responders’ most common task is alert triage, the process of investigation and escalation that ultimately results in the creation of security incidents. As crucial as this process is, there has been remarkably little written about how to do it correctly and efficiently. In this presentation, learn incident response best practices from Sqrrl security expert, David Bianco.

The Art and Science of Alert Triage

Sqrrl

Reducing Mean Time to Know

Sqrrl

Organizations are utilizing Sqrrl Enterprise to securely integrate vast amounts of multi-structured data (e.g., tens of petabytes) onto a single Big Data platform and then are building real-time applications using this data and Sqrrl Enterprise’s analytical interfaces. The secure integration is enabled by Accumulo’s innovative cell-level security capabilities and Sqrrl Enterprise’s security extensions, such as encryption.

Sqrrl Enterprise: Big Data Security Analytics Use Case

Sqrrl

The Linked Data Advantage

Sqrrl

Sqrrl Enterprise: Integrate, Explore, Analyze

Sqrrl

Sqrrl Datasheet: Cyber Hunting

Sqrrl

Benchmarking The Apache Accumulo Distributed Key–Value Store

Sqrrl

Scalable Graph Clustering with Pregel

Sqrrl

What's Next for Google's BigTable

Sqrrl

The days when Security Operations Center analysts could sit back and wait for alerts to come to them have long passed. Years of breaches and attacks at Fortune 100 banks, retailers, and government agencies have shown that traditional measures like firewalls, IDS, and SIEMs are not enough. While these measures are still important, today’s threats demand a more active role in detecting and isolating sophisticated attacks. It’s hunting season!

April 2015 Webinar: Cyber Hunting with Sqrrl

Sqrrl

Sqrrl 2.0 Launch Webinar

Sqrrl

October 2014 Webinar: Cybersecurity Threat Detection

Sqrrl

More from Sqrrl (20)

Transitioning Government Technology

Leveraging Threat Intelligence to Guide Your Hunts

How to Hunt for Lateral Movement on Your Network

Machine Learning for Incident Detection: Getting Started

Building a Next-Generation Security Operations Center (SOC)

Threat Hunting Platforms (Collaboration with SANS Institute)

Threat Hunting for Command and Control Activity

Leveraging DNS to Surface Attacker Activity

The Art and Science of Alert Triage

Reducing Mean Time to Know

Sqrrl Enterprise: Big Data Security Analytics Use Case

The Linked Data Advantage

Sqrrl Enterprise: Integrate, Explore, Analyze

Sqrrl Datasheet: Cyber Hunting

Benchmarking The Apache Accumulo Distributed Key–Value Store

Scalable Graph Clustering with Pregel

What's Next for Google's BigTable

April 2015 Webinar: Cyber Hunting with Sqrrl

Sqrrl 2.0 Launch Webinar

October 2014 Webinar: Cybersecurity Threat Detection

Recently uploaded

%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein

masabamasaba

VTU technical seminar 8Th Sem on Scikit-learn

AmarnathKambale

Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...

SelfMade bd

WSO2CON 2024 Slides - Open Source to SaaS

WSO2

Artyushina_Guest lecture_YorkU CS May 2024.pptx

AnnaArtyushina1

We specialize in Psychic Readings, Psychic Love Spells, Binding Love Spells, Obsession Spells, Voodoo Spells, Lottery Spells, Marriage Spells, Black Magic Spells, Palm Readings & much more. Are you depressed? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? Do u need to solve any relationship problem? Contact the powerful spells caster chief kule with love spells that work overnight and love spells that really work. Have you found yourself infatuated with a special someone you think could be the one? Are you looking for a spell to provide them with a nudge in the right direction? Or maybe the spell you cast didn’t achieve the results you were hoping for? Whether you’re new or versed in the ways of spell casting, we’re here to help. Today we’re going to provide you with a detailed guide on the types of love spells to cast. Not only that but there’s something for those who wish to find outside advice from more advanced spell casters. We’re also going to provide you with the top sites available to help you with your dilemma. Let’s begin our journey by educating ourselves on love magic and what a real love caster looks like. Love Magic and Love Casters Love magic made its first appearance back in Ancient Egypt and has been an active practice since. This type of magic is a branch of traditional magic and can be practiced in various ways. Typically the more common use of love magic is through the work of spells, but other methods look like Charms Rituals-LOVE Potions-Dolls and even Amulets If you are interested in becoming a love caster, be prepared for what’s to come. A genuine love caster knows that the art of love casting is no easy feat and shouldn’t be done casually. You should know that not only does it require you to be gifted spiritually, but you must be ready to serve others. Someone who is considered a real love caster has experience in all manner of spells, no matter the difficulty. Training yourself in attraction, commitment, and marriage spells is an excellent place to start. But this by no means will make you a professional. Practice your craft and expand your knowledge; understand that you will possess the ability to help others in time truly. Types of Love Spells What better way to start broadening your experiences with love spells than by learning more about them? These spells work like just about any other spell. Simply apply your intention, use a medium (sigils, mantras, candles, or charm bags), and top it off with establishing the belief that you will receive what you want. So what kind of spells are available and which ones suit your needs the best? Let’s take a look at the many options you have at your disposal.

%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...

masabamasaba

Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic near me by a powerful astrologer and spell caster in Atlanta. Bring back your lover with Asaf's voodoo-love witchcraft. Psychic Reading | Astrologer | Spell Caster | Obsession Spells | Black Magic | Witchcraft | Protection spell | wiccan spells. Black magic expert and voodoo love spells that work overnight to retrieve that love | lost love spell caster with powerful love psychic reading. Best astrologer & psychic in Sandy Springs, GA to renew your relationship & make your relationship stronger. love spells to bring back the feelings of love for ex-lovers. Increase the intimacy, affection & love between you and your lover using voodoo relationship obsession spells in USA. Money spells, easy love spells with just words, think of me spell, powerful love spell, spells of love, spells that work, love potion to attract a man, easy love spells with just words, pink candle prayer, white magic spells, call me spell, manifestation spell, gay love spells, Commitment spells, business spells and, how to bring back lost love in a relationship, Witchcraft love spells that work immediately to increase love & intimacy in your relationship. Attraction love spells to attract someone, stop a divorce, prevent a breakup & get your ex back. When using love binding spells, there are several things you should know, particularly how to protect yourself from negative energies and how to use the powers of incantations for the good of all people involved. When the focus is love, the results are truly magical. It’s important to remember love is not manipulative, it is not forceful, and it does not bend another to its will. Love is free-flowing, accepting, kind, and generous. For your love spell to work as intended, you must have good intentions in your heart. Below, we share the top five love spells you can use today to shift the energies in your life and create a future filled with love and fulfilment. Obsession spells to Get Your Ex-Lover Back. All women want one thing the most in life to be love and love in return – not much to ask. A lady wants a good man who loves you unconditionally and loyally. You want a man who is honest, hardworking, and loyal – not a complainer or a weakling or a self-centred man. You are a strong, independent, sensual, caring, loving woman. And you don’t think it’s asking too much to want to be with a loving, intelligent man with a good sense of humour and daring, an upright and confident man – who knows who he is. No one wants a chauvinistic and macho man, but you do want someone who will be willing to protect and care for you. Who loves you for you and not some kind of imaginary. You have no doubt that when the right guy appears on your doorstep, you’ll never let him go. But sometimes a man doesn’t realize he has that good woman.

Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...

chiefasafspells

Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pretoria ● Abortion Pills For Sale In Pretoria ● Pretoria 🏥🚑!! Abortion Clinic Near Me Cost, Price, Women's Clinic Near Me, Abortion Clinic Near, Abortion Doctors Near me, Abortion Services Near Me, Abortion Pills Over The Counter, Abortion Pill Doctors' Offices, Abortion Clinics, Abortion Places Near Me, Cheap Abortion Places Near Me, Medical Abortion & Surgical Abortion, approved cyctotec pills and womb cleaning pills too plus all the instructions needed This Discrete women’s Termination Clinic offers same day services that are safe and pain free, we use approved pills and we clean the womb so that no side effects are present. Our main goal is that of preventing unintended pregnancies and unwanted births every day to enable more women to have children by choice, not chance. We offer Terminations by Pill and The Morning After Pill.” Our Private VIP Abortion Service offers the ultimate in privacy, efficiency and discretion. we do safe and same day termination and we do also womb cleaning as well its done from 1 week up to 28 weeks. We do delivery of our services world wide SAFE ABORTION CLINICS/PILLS ON SALE WE DO DELIVERY OF PILLS ALSO Abortion clinic at very low costs, 100% Guaranteed and it’s safe, pain free and a same day service. It Is A 45 Minutes Procedure, we use tested abortion pills and we do womb cleaning as well. Alternatively the medical abortion pill and womb cleansing !!!

Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...

Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg

WSO2CON 2024 - Does Open Source Still Matter?

WSO2

OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...

Shane Coughlan

WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...

WSO2

WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...

WSO2

%in Midrand+277-882-255-28 abortion pills for sale in midrand

masabamasaba

%in tembisa+277-882-255-28 abortion pills for sale in tembisa

masabamasaba

%in ivory park+277-882-255-28 abortion pills for sale in ivory park

masabamasaba

We specialize in Psychic Readings, Psychic Love Spells, Binding Love Spells, Obsession Spells, Voodoo Spells, Lottery Spells, Marriage Spells, Black Magic Spells, Palm Readings & much more. Are you depressed? We perform this come-to-me love spell that works instantly with the aim of Winnipeg back the victim to the person performing the magic. Have you lost your lover? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? Do u need to solve any relationship problem? Contact the powerful spells caster chief kule with love spells that work overnight and love spells that really work. Have you found yourself infatuated with a special someone you think could be the one? Are you looking for a spell to provide them with a nudge in the right direction? Or maybe the spell you cast didn’t achieve the results you were hoping for? Whether you’re new or versed in the ways of spell casting, we’re here to help. Today we’re going to provide you with a detailed guide on the types of love spells to cast. Not only that but there’s something for those who wish to find outside advice from more advanced spell casters. We’re also going to provide you with the top sites available to help you with your dilemma. Let’s begin our journey by educating ourselves on love magic and what a real love caster looks like. Love Magic and Love Casters Love magic made its first appearance back in Ancient Egypt and has been an active practice since. This type of magic is a branch of traditional magic and can be practiced in various ways. Typically the more common use of love magic is through the work of spells, but other methods look like Charms Rituals-LOVE Potions-Dolls and even Amulets If you are interested in becoming a love caster, be prepared for what’s to come. A genuine love caster knows that the art of love casting is no easy feat and shouldn’t be done casually. You should know that not only does it require you to be gifted spiritually, but you must be ready to serve others. Someone who is considered a real love caster has experience in all manner of spells, no matter the difficulty. Training yourself in attraction, commitment, and marriage spells is an excellent place to start. But this by no means will make you a professional. Practice your craft and expand your knowledge; understand that you will possess the ability to help others in time truly. Types of Love Spells What better way to start broadening your experiences with love spells than by learning more about them? These spells work like just about any other spell. Simply apply your intention, use a medium (sigils, mantras, candles, or charm bags), and top it off with establishing the belief that you will receive what you want. So what kind of spells are available and which ones suit your needs the best? Let’s take a look at the many options you have at your disposal. Attraction Spells

%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...

masabamasaba

Announcing Codolex 2.0 from GDK Software

Jim McKeeth

This presentation covers the following topics: What is logging? The purpose of logging: Debugging The purpose of logging: Security The purpose of logging: Stats & analytics Traditional logging Traditional logging: Advantages Traditional logging: Disadvantages The solution: Large-scale logging Large-scale logging: Core principles Large-scale logging: Solution types Large-scale logging: Cloud vs on-prem Large-scale logging: Operational complexity Large-scale logging: Security Large-scale logging: Costs Large-scale logging: On-prem comparison - Elasticsearch - Grafana Loki - VictoriaLogs On-prem comparison: Setup and operation On-prem comparison: Costs On-prem comparison: Full-text search support On-prem comparison: How to efficiently query 100TB of logs? On-prem comparison: Integration with CLI tools VictoriaLogs for large-scale logging VictoriaLogs demo instance - Ingestion rate: 3600 messages / minute - The number of log messages: 1.1 billion - Uncompressed log messages’ size: 1.5TB - Compressed log messages’ size: 23GB - Compression ratio: 47x - Memory usage: 150MB VictoriaLogs CLI integration demo - Which errors have occurred in all the apps during the last hour? - How many errors have occurred during the last hour? - Which apps generated the most of errors during the last hour? - The number of per-minute errors for the last 10 minutes - Status codes for the last hour - Non-200 status codes for the last week - Top client IPs for the last 4 weeks with 404 and 500 response status codes - Per-month stats for the given IP across all the logs Large-scale logging solution MUST provide excellent CLI integration VictoriaLogs: (temporary) drawbacks VictoriaLogs: Recap - Easy to setup and operate - The lowest RAM usage and disk space usage (up to 30x less than Elasticsearch and Grafana Loki) - Fast full-text search - Excellent integration with traditional command-line tools for log analysis - Accepts logs from popular log shippers (Filebeat, Fluentbit, Logstash, Vector, Promtail, Grafana Agent) - Open source and free to use!

Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024

VictoriaMetrics

%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...

masabamasaba

%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein

masabamasaba

Recently uploaded (20)

%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein

VTU technical seminar 8Th Sem on Scikit-learn

Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...

WSO2CON 2024 Slides - Open Source to SaaS

Artyushina_Guest lecture_YorkU CS May 2024.pptx

%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...

Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...

Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...

WSO2CON 2024 - Does Open Source Still Matter?

OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...

WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...

WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...

%in Midrand+277-882-255-28 abortion pills for sale in midrand

%in tembisa+277-882-255-28 abortion pills for sale in tembisa

%in ivory park+277-882-255-28 abortion pills for sale in ivory park

%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...

Announcing Codolex 2.0 from GDK Software

Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024

%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...

%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein

Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together

1. Threat Hunting and UEBA: Similarities, Differences, and How They Work Together • Speakers: • Greg Schaffer, FirstBank CISO • Luis Maldonado. Sqrrl VP of Products Sponsor:

3. © 2017 Security Current Peer-authored Research Authored by Chief Information Security Officers, CISOs Investigate is an ongoing series that offers first-hand insights to security leaders as they make business-driven technology decisions. About CISOs Investigate

6. © 2017 Security Current "A risk-based approach is highly recommended in order to gain some quick wins. Generally, this starts by looking at privileged access to various applications." - James Beeson, Chief Information Security Officer and IT Risk Leader,GE Capital Americas A CISO Looks at the History of UBA

7. © 2017 Security Current • Incorporating user behavior beyond simple login • Behavioral analytics connects the past (baseline), the present (event) and future (pre-direction) Technology Overview – Core Features

11. Threat Hunting and UEBA

18. © 2017 Sqrrl Data, Inc. All rights reserved. 18 SOC Detection Processes (“Loops”) Detection Improvements Observe Alert Validate Hunting Plan Test Content Development Automated Detection Rules & Analytics Discover Hypothesize CompareImplementReviseInvestigateEnrich

24. © 2017 Sqrrl Data, Inc. All rights reserved. 24 Sqrrl’s Approach to Behavioral Analytics Detection of kill chain-oriented Tactics,Techniques, and Procedures of adversaries rather than only general anomalies

27. © 2017 Sqrrl Data, Inc. All rights reserved. 27 info.sqrrl.com/download-uba-guide User & Entity Behavior Analytics What's included in this Real-world insights from CISOs who already deployed tools Case studies to highlight importance of UBA technology A RFI template developed by the CISOs CISO-authored UBA Buyer's Guide

28. © 2017 Sqrrl Data, Inc. All rights reserved. 28 info.sqrrl.com/download-ueba-ebook User & Entity Behavior Analytics What's included in this What you need to know about advanced behavioral analytics How it can automate and revolutionize threat hunting How to use it for streamlined threat detection practices The Heart of Next-Generation Threat Hunting

29. Q&A

Editor's Notes

Primary UBA use cases 1) risk mgmt oriented: trusted insider threat, contractor 2) threat detection oriented: external attacker compromising a host/user and using their creds Use Cases: departure theft, anomalous VPN, call center privacy breach, priv account sharing… EUBA adds others Databases – focus on data protection and governance Applications – CASB misuse We believe you shouldn’t stop there, especially Security Ops teams External attacks that are already in the network Many times no longer simply using user accounts; now have persistence, command control, staging points etc. => need Behavioral analytics across protocols, file systems, host configurations etc. Network flow Ucs: Data exfil, lateral movement Registry DNS data Files system Use Cases: targeted attacks, advanced malware, What you see is Analytics are great tools but need to be built into your organization’s processes and use cases
At Sqrrl, we focus on powering Threat Hunters, so analytics are a great tool Important to note, analytics tools don’t stand on their own. Security Analysts need additional hunting tools to enable their work including: Data aggregation Visualization capabilities Collaboration tools to share insights, assist in investigations, train on best practices etc
Survey across 350,000 member Infosec community
To be effective, hunting needs to be incorporated into other SOC processes (or “loops”) Most SOCs already have mature content development and detection loops Implement signatures, rules and other content that feeds their automated detection processes (IDS, SIEM, DLP etc) Detection cycle – observe, compare to signature, patterns, content; alert; human validates What hunting loop focuses on is coming up with new ideas of activity and behavior to look for This process is used to find things not already in your automated detection content More importantly, drives improvements to your content
Take a closer look at the hunting loop:
Identify behavioral patterns Using link analysis Looking for behavior chains Clusters of anomalous behavior
DGA Locky ransomware Mirai botnet Vawtrak banking trojan
Overview of the Sqrrl platform Ingest traditional and non traditional security sources Logs are common core data sets Supports structured and semi-structured file types Extensible framework for parsing customized sources BENFITS: Include non-traditional sources that provide context (e.g. HR reports, Email, App data) Dynamic extraction We do the ‘heavy lifting’ of populating your desired graph Contrast this with ‘case file’ oriented products such IBM i2 and Palantir Contrast with Maltego which only builds a graph view of queries (called Transforms) BENEFIT: analysts don’t have to focus on massaging data We store the model and the raw data which allows: Evolution of the model Multiple models on the same data – enables team sharing, data reuse etc. Analysis Provide multiple analysis techniques (search, exploration, reporting, computations) Common syntaxes and programming for power users (python, Lucene, SQL) visual exploration environment for patterns, exploring relationships, connections Computational techniques for finding and filtering anomalies / outliers; baseline and compare entity behavior across peer groups Extensible framework for integrating with Hadoop frameworks such as Spark BENEFITS: faster hunting through visual and search techniques; find behaviors and outliers that are hard to see

Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together

Similar to Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together (20)

More from Sqrrl

More from Sqrrl (20)

Recently uploaded

Recently uploaded (20)

Threat Hunting vs. UEBA: Similarities, Differences, and How They Work Together

Editor's Notes